Blargh: The blog where I write down random techy things I've found or done.
https://blog.habets.se/
Fri, 08 Dec 2017 10:38:55 +0000 (feed generated by Jekyll v3.2.1)

Why bitcoin is terrible

<p>For every day that passes I like bitcoin less. It’s bad for the world.</p>
<p>I have ranted about this many times, and it’s time I consolidate these
rants into a blog post.</p>
<p>We’ll see with time if this rant ages poorly or not.</p>
<h1 id="section-1-practicalities">Section 1: Practicalities</h1>
<h2 id="what-bitcoin-is-trying-to-achieve-in-payments">What bitcoin is trying to achieve in payments</h2>
<p>These would be good things:</p>
<ul>
<li>Anonymity</li>
<li>Peer to peer and remote payments</li>
</ul>
<h2 id="what-bitcoin-is-actually-good-for">What bitcoin is actually good for</h2>
<p>Bitcoin today is pretty much only good for two things:</p>
<ul>
<li>Committing crimes</li>
<li>Speculating on currency</li>
</ul>
<p>If you’re not doing one of those, then don’t use Bitcoin.</p>
<p>If you are an online store then sure, accept Bitcoin. There are moral
problems with supporting Bitcoin (see rest of post), but as long as
you immediately convert to fiat currency when you receive payment it’s
fine <em>for you</em>. There are even companies out there that’ll guarantee
an exchange rate so that you never have to get into the business of
currency.</p>
<p>You may say that Bitcoin can be used to get money out of China, or
into Brazil, or to enable shopping of “things that should not be
called ‘drugs’ anyway”, but you have to admit that no matter what you
think of laws, that’s just other words for “committing crimes”.</p>
<h2 id="it-does-peer-to-peer-and-online-payments-you-left-that-out">It does peer-to-peer and online payments, you left that out!</h2>
<p>Is that really a hard problem?</p>
<ul>
<li><a href="https://www.paypal.com">Paypal</a></li>
<li><a href="https://support.google.com/mail/answer/3141103">GMail Payments</a></li>
<li><a href="https://pay.weixin.qq.com/index.php/public/wechatpay">WeChat P2P</a></li>
<li><a href="https://en-gb.facebook.com/help/863171203733904/">Facebook is introducing it</a></li>
<li><a href="http://wywallet.se/">Wywallet</a></li>
<li><a href="https://venmo.com/">Venmo</a> (Owned by Paypal)</li>
<li><a href="https://intl.alipay.com/">Alipay</a></li>
<li><a href="https://paytm.com/">Paytm</a></li>
<li><a href="https://www.paym.co.uk/">Paym</a></li>
<li><a href="https://www.twint.ch/en/">TWiNT</a></li>
<li><a href="https://www.revolut.com/">Revolut</a></li>
</ul>
<h2 id="but-wait-its-still-anonymous">But wait, it’s still anonymous!</h2>
<p>Is it though? In order to pay anonymously with bitcoin you need to
jump through hoops and be improbably competent. You need to tumble
your money very carefully, through multiple parties (how do you know
they’re not fronts for the same party?), who you trust are not
compromised.</p>
<h3 id="who-you-trust-are-not-compromised">… who you trust are not compromised.</h3>
<p>If you’re the NSA/GCHQ/etc… and you <em>haven’t</em> hacked most bitcoin
exchanges and tumblers then you’re incompetent, and essentially asleep
at the wheel. They <a href="http://www.bbc.co.uk/news/technology-31619907">hack SIM card
manufacturers</a> and
<a href="https://www.wired.com/2017/04/major-leak-suggests-nsa-deep-middle-east-banking-system/">SWIFT</a>,
so of course they would hack these amateur tumbler and exchange
websites.</p>
<h3 id="and-be-improbably-competent">… and be improbably competent</h3>
<p>Attacks only get better. They never get worse. There are people
<em>today</em> who <a href="http://www.bit-cluster.com/">claim to be able to de-anonymize
bitcoin</a>.</p>
<p>Can they? Maybe. But the transaction log is public. Do you think in 30
years it’ll be impossible? Do you think that your bitcoin tumbling
strategy <em>today</em> will be impossible to decode after 30 years of
research and statistics?</p>
<p>For those familiar with cryptography: Your use of Bitcoin anonymously
is like you making your own security protocol, and thinking it’s
secure because you base it on AES. But solid primitives don’t
automatically make for a solid protocol.</p>
<p>There are vast opportunities to screw up a security protocol even with
good primitives, and new ways are found every
day. E.g. encrypt-then-sign, or sign-then-encrypt? If you’re not
<em>actually</em> a cryptographer you shouldn’t put yourself into a position
to answer that.</p>
<p>In 10-30 years when there’s a new paper showing how to de-anonymize
your tumbling-strategy of today, do you want your weed purchases to be
visible for the whole world to see? The government is unlikely to care
(they likely already had the info anyway, and it’s beyond the statute
of limitations), but now anyone with a grudge can make a “thing” out
of it, socially or legally.</p>
<p>And do you truly believe that the people who tumble your cash aren’t
secretly recording the in’s and out’s? If someone’s already immoral
enough to launder money for anyone, what makes you think they’ll be
loyal to you? That in/out mapping over a few years will be worth <em>a
lot</em>.</p>
<p>Are you that competent? Is anyone? Seems improbable to me.</p>
<h1 id="section-2-lets-talk-about-an-anonymous-global-currency">Section 2: Let’s talk about an anonymous global currency</h1>
<p>If the end goal of Bitcoin is a currency as common as any other, legal
and practical for goods and services on a large scale, then we need to
answer some questions about what society that is.</p>
<p>Let’s assume that all technical hurdles of anonymity and scale are
actually solved, and we have a perfectly anonymous currency, and
compare it to digital non-anonymous currency like today’s “banks” and
“credit cards”.</p>
<h2 id="how-would-tax-work">How would tax work?</h2>
<p>Are you against taxes existing at all? All of it? Income tax, capital
gains, VAT, duties, etc…</p>
<p>Sure, you can be an ultra-liberal to the point of being almost
indistinguishable from an anarchist, but you and I both know that most
people are not, and they won’t be.</p>
<p>Most people want and will want a government, and in the west even
democracy.</p>
<p>If there’s no way for the government to check, then there’s no way to
get caught. Why not pay everyone under the table? Today stores and
taxis (bloody black cabs) dealing with cash have the opportunity to
pocket money tax free. But there’s at least some work to keep that
quiet. And it’s not always easy to spend the money either. It’s hard
to pay rent, buy a car, a vacation, and all other things using untaxed
money.</p>
<p>And if you get audited today it’ll look suspicious if 100% of your
legal money goes towards rent, since the tax man knows that you need
to eat too.</p>
<p>When paid in bitcoin both employer and employee have perfect
deniability about how much is being paid. Bonuses can be simply
transferred in bitcoin.</p>
<p>So in the end rich people will pay zero tax, and poor people much less
than today. All untraceable. If there’s a social safety net for people
who can’t afford food then everyone will be entitled to it.</p>
<h2 id="death">Death</h2>
<p>If I don’t tell you my password before I die then that money
disappears.</p>
<p>If I do tell you my password before I die then it could disappear
before I die.</p>
<p>What’s Bitcoin’s plan for this? Just suck it up as inflation? What if
someone or something worth 10% of the currency dies? Which brings me to…</p>
<h2 id="money-consolidation">Money consolidation</h2>
<p>Do you want a society where one family can collect 50% of the world’s
money? To want a digital anonymous world you not only say “yes”, but
you also want to say “yes, and future generations should not be
allowed to know if this happens”.</p>
<p>Today we can at least investigate how much money rich people
have. They hide it in complexity, but not with unbreakable math.</p>
<h2 id="individuals-are-not-competent-in-every-field-humanity-does">Individuals are not competent in every field humanity does</h2>
<p>When was the last time you tried to get cash and the ATM said “sorry,
we forgot the password to your account, so your money is gone”?</p>
<p>With Bitcoin people will have (and have had) hard drive crashes that
have destroyed fortunes.</p>
<p>A society like this makes no sense.</p>
<h2 id="bitcoin-exchanges-are-not-regulated">Bitcoin exchanges are not regulated</h2>
<p>… or at least not as regulated as banks.</p>
<p>Every idiot with a Cloud account can just become the bank and steal
all the money.</p>
<p>Or claim that someone else broke in and stole all the money.</p>
<p>Or turn your bank into a Ponzi scheme after someone steals all the
money.</p>
<ul>
<li><a href="https://en.wikipedia.org/wiki/Mt._Gox">Mt. Gox</a>. In one breach 6%
of all Bitcoin in circulation was stolen (4% of all Bitcoin that
will ever exist). Imagine if 6% of all cash were stolen. And realize
that some of that bitcoin that <em>you</em> use is stolen property.</li>
<li><a href="https://www.engadget.com/2011/08/12/biggest-eve-online-scam-ever-recorded-nets-over-a-trillion-isk/">Phaser
Inc</a></li>
<li><a href="https://www.theguardian.com/technology/2017/dec/07/bitcoin-64m-cryptocurrency-stolen-hack-attack-marketplace-nicehash-passwords">Nicehash</a></li>
<li><a href="https://magoo.github.io/Blockchain-Graveyard/">Many many more</a></li>
</ul>
<p>With game money you and the robber can just shrug and say “this is
part of the game”, but when it’s about your non-disposable real money
it’s not so funny anymore.</p>
<h2 id="fraud">Fraud</h2>
<p>Fraud (e.g. credit card fraud) is often solved by reversing the
charge. This not only returns the money to the victim but also puts
the incentives in the right place. Consumers don’t have the power to
force chip-and-pin, so there would be no point in placing the
incentives with them.</p>
<p>Thought it was annoying to get a virus before? Now it’ll take your
bank account with no possibility to fix it. You can’t really insure
against it either, because another crime that’d be trivial and
untraceable would be insurance fraud.</p>
<p>Fraud handling works much better “for the little guy” today than with
Bitcoin. With Bitcoin fraud is not fixable.</p>
<h2 id="bank-hacking">Bank hacking</h2>
<p>Banks get hacked, or sometimes just make mistakes in big
transfers. How do you fix it? Yes, you reverse the transaction. What
if the recipient has withdrawn all of it as cash? You send the police
after them. And people know this, so they almost invariably don’t.</p>
<p>“If you are bank then don’t make a mistake” is obviously not the
answer.</p>
<h2 id="money-laundering">Money laundering</h2>
<p>Are you simply OK with money laundering as a thing everyone should do?
I’m not.</p>
<h2 id="follow-the-money-for-crime-investigations">“Follow the money” for crime investigations</h2>
<h3 id="banks">Banks</h3>
<p>Bob is murdered. Alice transferred $100k to known criminal Dave 7 days
prior. It’s not conclusive proof in itself, but you know where to
start this investigation, don’t you?</p>
<h3 id="cash">Cash</h3>
<p>Alice withdrew $100k 7 days prior, has been seen handing a bag to
Dave, and Dave now needs to carefully and competently launder that
without making a mistake.</p>
<h3 id="bitcoin">Bitcoin</h3>
<p>Bob is murdered. The End.</p>
<h2 id="without-bitcoin-ransomware-would-not-exist">Without bitcoin ransomware would not exist</h2>
<p>To participate in bitcoin is to enable ransomware. Yes, you can shrug
and say “guns don’t kill people, people kill people”, but you have to
admit that this is starting to add up. You have to shrug at a <em>lot</em> of
suffering in the world in order to support bitcoin. People literally
die who would not die if cryptocurrency didn’t exist.</p>
<p>How much shrugging is too much for your abstract notions of
decentralized currency? (and it looks like it’s not even all that
decentralized anyway, but this section assumes a perfect
cryptocurrency)</p>
<h1 id="section-3-but-its-just-like-cash-and-thats-fine">Section 3: But it’s just like cash and that’s fine!</h1>
<p>Bitcoin is really really not like cash. For small transactions,
yes. But more of the same is not the same.</p>
<h2 id="one-example-kamikaze-robbery">One example: Kamikaze-robbery</h2>
<p>What happens if a huge pile of cash is left unguarded for 2 seconds?
It might get stolen. Someone could grab the bag and run. They may even
be armed. But the robbers can only grab as much as they can carry, and
they have to keep it safe. The police will run after them, and often
the money is recovered.</p>
<p>What happens when someone goes into a bitcoin exchange armed to the
teeth, demanding all bitcoins in the exchange or the hostage will die?</p>
<p>What happens when a rogue employee of a company holding bitcoin (e.g.
an exchange) realizes that due to a security mistake they have access
to $1B worth of bitcoin, and they take it?</p>
<p>Well… they’ll probably get caught. Let’s assume the government exists,
or at least the police does.</p>
<p>Now what? The money is gone. The robber didn’t even need an exit
strategy, and can just surrender. Their family is set for life, and
only one person went to jail, and maybe only for a few years. When
they get out they’re rich.</p>
<p>ISIS could do this today. They could even go in, steal a billion
dollars, and then blow themselves up.</p>
<p>You could literally kill a bank and take all its money.</p>
<h2 id="hsbc-got-a-slap-on-the-wrist-for-laundering-terrorist-money-but-at-least-we-know-about-it">HSBC got a slap on the wrist for laundering terrorist money, but at least we know about it</h2>
<p>Yeah <a href="https://www.forbes.com/sites/afontevecchia/2012/07/16/hsbc-helped-terrorists-iran-mexican-drug-cartels-launder-money-senate-report-says/">that
happened</a>.</p>
<p>If the world were Bitcoin then HSBC would not be needed. Bitcoin <em>is</em>
dishonest money laundering because “money laundering” is just the flip
side of honest “anonymity”.</p>
<h1 id="section-3-the-electricity">Section 4: The electricity</h1>
<p>Some of the electricity aspects are in theory possible to fix, I’ll
admit. But the current state is absolutely horrible.</p>
<h2 id="the-numbers">The numbers</h2>
<p>As of 2017-11-10 <a href="https://digiconomist.net/bitcoin-energy-consumption">Bitcoin consumes about 1.7GW of
power</a>. That’s
about 1.5-4 nuclear reactors’ worth of output (depending on reactor
size) at a cost of about 1.3 BILLION dollars annually.</p>
<p>All this to support 7 transactions per second.</p>
<h2 id="bitcoin-is-built-on-burglary-and-theft">Bitcoin is built on burglary and theft</h2>
<p>As of approximately now-ish (depends on BTC value of the day) it’s not
economically feasible to pay for electricity to run Bitcoin. So why
does Bitcoin run?</p>
<p>Because it’s run on stolen power. Hacked machines, fraud, abuse, and
malware runs bitcoin.</p>
<p>You don’t need to go to <a href="https://en.wikipedia.org/wiki/Silk_Road_(marketplace)">Silk
Road</a> to be
part of the criminal parts of Bitcoin; Bitcoin <em>itself</em> runs on crime.</p>
<h2 id="electricity-cost-floor">Electricity cost floor</h2>
<p>This is another major reason I strongly dislike Bitcoin. As long as
participating in mining or transaction validation is compensated this
sets a floor on the cost of electricity.</p>
<p>Imagine I invented a device that lowered the cost of electricity
production to 10% of what it is today. How would that affect the price
of energy for consumers, to save money for consumers, resources for
the world, and enable new uses of energy previously not economical?</p>
<p>In a Bitcoin world: Not at all. The price was already at the level
where it was rational for someone to pay that in order to make
Bitcoin. If the price drops, then that pushes up demand until supply
runs low causing the price to be back to exactly where it started.</p>
<p>Placing a floor on the price of energy is just about the most evil
thing that can be done to civilization, the world economy, and
everything affected by it.</p>
Sun, 12 Nov 2017 00:00:00 +0000 https://blog.habets.se/2017/11/Why-bitcoin-is-terrible.html

WPA2 and Infineon

<p>The <a href="https://www.krackattacks.com/">recent bug in WPA2</a> has a worst
case outcome that is the same as using a wifi without a password:
People can sniff, maybe inject… it’s not great but you connect to open
wifi at Starbucks anyway, and you’re fine with that because you visit
sites with HTTPS and SSH. Eventually your client will get a fix too,
so the whole thing is pretty “meh”.</p>
<p>But there’s a reason I call it “WPA2 bug” and I call the recent issue
with Infineon key generation <a href="https://keychest.net/roca">“the Infineon
disaster”</a>. It’s much bigger. It seems
like <a href="https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/">the whole of Estonia needs to re-issue ID
cards</a>,
and several years’ worth of PC, smartcard, Yubikey, and other
production have been generating bad keys. And these keys will stick
around.</p>
<p>From now until forever when you generate, use, or accept RSA keys you
have to check for these weak keys. I assume OpenSSH will if it hasn’t
already.</p>
<p>But then what? It’s not like servers can just reject these keys, or
it’ll lock people out. And it’s not clear that an adversary even has
your public key for SSH. And you can’t crack the key if you don’t have
the public half. Maybe a warning, and then in a year start rejecting
the keys?</p>
<p>And then you have to trust that every other implementation does the
same.</p>
<p>But then you have all the clients and servers that just never get
updated or audited…</p>
<p>So this is a disaster. It’s worse than the <a href="https://www.schneier.com/blog/archives/2008/05/random_number_b.html">Debian randomness
bug</a>.</p>
<h2 id="previous-blog-posts-on-this-issue">Previous blog posts on this issue</h2>
<ul>
<li><a href="/2017/10/Is-my-TPM-affected-by-the-Infineon-disaster.html">Is my TPM affected by the Infineon disaster</a></li>
<li><a href="/2017/10/Yubikey-for-SSH-after-the-infineon-disaster.html">Yubikey for SSH after the Infineon disaster</a></li>
</ul>
Fri, 27 Oct 2017 00:00:00 +0000 https://blog.habets.se/2017/10/WPA2-And-Infineon.html (tags: security, tpm)

Internet in China

<p>In this post I’ll describe some experiences I had with the Internet in
China, and what it means for people making websites in the west in
order to reach expats, visitors, and anyone else in China. So this
should be useful information even if you don’t care about China as a
market at all.</p>
<p>This blog post may be updated, as I have more thoughts on Internet in
China.</p>
<p>My subjective experience is that “Internet in China” is an
oxymoron. How exactly is there “Internet” without Google, Facebook,
and Twitter? When attaching an Android phone to a WiFi in China it
even says <a href="/static/2017-10-wifi.png">“Wi-Fi has no Internet access”</a>.</p>
<p>OK, that’s not entirely serious. Especially since I’m obviously not
aware of what the Chinese language Internet looks like, not speaking
or reading Chinese. <a href="https://www.baidu.com/">Baidu</a> looks like it
largely provides the services Google does (search, maps, …), but
they’re pretty much not translated. The Baidu Map app seems fine, but
is almost useless if you don’t speak Chinese. The one thing it’s good
for is that unlike Google Maps (if you can even get to it; see below)
it actually shows you a <a href="https://en.wikipedia.org/wiki/Restrictions_on_geographic_data_in_China">correct location within
China</a>.</p>
<p>But more importantly it’s not just Google, YouTube, Facebook, Twitter,
Bloomberg, New York Times, and <a href="https://en.wikipedia.org/wiki/Websites_blocked_in_mainland_China">all the other expected
sites</a>
that are blocked. There’s also ALL the websites that assume that
Google works from where you are. And that’s a lot.</p>
<p>Two out of the three Swedish newspapers I tried did not
work. <a href="https://www.dn.se/">DN</a> and <a href="https://www.svd.se/">SvD</a> are
<em>not</em> blocked, but because they use Google resources they don’t
actually work. They start to load, but then you only see a white blank
page. <a href="https://www.aftonbladet.se/">Aftonbladet</a> did work.</p>
<p><a href="https://www.picsearch.com/">Picsearch</a> (a previous employer of mine)
also doesn’t load. Because I went to China I didn’t bring any access
tokens or laptops, so I couldn’t dig too deep to verify for sure, but
I’m pretty sure this is to blame:</p>
<div class="highlighter-rouge"><pre class="highlight"><code>&lt;script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"&gt;&lt;/script&gt;
</code></pre>
</div>
<p>The fix here should be quite simple: Just host jQuery yourself. It’s
78kB (before gzip). Also the same for external fonts, css, and
images. Yes, I realise I’m saying “don’t use CDNs”, but on the other
hand it seemed that <a href="https://www.cloudflare.com/">Cloudflare</a> wasn’t
blocked at all, so if you’re worried about resource use and latency
then host your CDNable material on a Cloudflare-fronted subdomain.</p>
<p>Really I should also point out that there’s no reason to leave out the
URL scheme in this case. Just hardcode <code class="highlighter-rouge">https://</code> there.</p>
<h1 id="recommendation-1-dont-use-cdns">Recommendation 1: Don’t use CDNs</h1>
<p>The more services you rely on, the higher the likelihood that one of
them is blocked. Maybe one day your friendly CDN will draw the ire of the
Chinese government, or they choose to redirect to a Google-hosted copy
instead, which will fail in China because Google is blocked.</p>
<p>If all your resources are under one FQDN, then there’s less likelihood
of you being blocked. With two domains you double your risk.</p>
<h1 id="recommendation-2-actually-test-your-site-with-googlefacebook-blocked">Recommendation 2: Actually test your site with Google/Facebook blocked</h1>
<p>The list of networks here is probably not complete. I gathered it
simply by resolving some domains, then doing <code class="highlighter-rouge">whois</code> on the address to
get the whole range.</p>
<div class="highlighter-rouge"><pre class="highlight"><code># Build an address set from the Google ranges found via whois and drop
# everything that comes back from them. Dropping the replies (rather than
# rejecting the outgoing SYN) makes pages hang the way they do in China.
ipset create chinav4 nethash    # old type name, still accepted; newer ipset calls it hash:net
for addr in \
64.18.0.0/20 \
64.233.160.0/19 \
66.102.0.0/20 \
66.249.64.0/19 \
72.14.192.0/18 \
74.125.0.0/16 \
104.132.0.0/14 \
108.177.0.0/17 \
172.217.0.0/16 \
207.126.144.0/20 \
209.85.128.0/17 \
216.58.192.0/19 \
216.239.32.0/19 \
;do
ipset add chinav4 "$addr"
done
# Only Facebook's IPv6 block (2a03:2880::/29) is listed; add its IPv4
# ranges the same way (resolve, whois, add) if you want Facebook blocked too.
ipset create chinav6 nethash family inet6
for addr in \
2a00:1450::/29 \
2a03:2880::/29 \
2607:F8B0::/32 \
2404:6800::/32 \
;do
ipset add chinav6 "$addr"
done
iptables -I INPUT -m set --match-set chinav4 src -j DROP
ip6tables -I INPUT -m set --match-set chinav6 src -j DROP
# Undo: iptables -D INPUT -m set --match-set chinav4 src -j DROP (same for
# ip6tables/chinav6), then ipset destroy chinav4; ipset destroy chinav6
</code></pre>
</div>
<p>Does your site still load? If it doesn’t load fully, is it still at
least usable?</p>
<p>(I’m pretty sure the list above is incomplete, because dn.se still
works after doing this, but picsearch.com does not)</p>
<h1 id="recommendation-3-when-visiting-china-use-roaming-data-with-your-home-telco">Recommendation 3: When visiting China, use roaming data with your home Telco</h1>
<p>In other words: Get a data plan that’s not ridiculously expensive. My
data plan with Vodafone UK charges me at £3 per megabyte. Yes, per
megabyte. That would fall under “ridiculously expensive”.</p>
<p>The easiest way to get non-censored Internet, with working Google
services (including Google maps and GMail) is to use roaming data from
a western country.</p>
<p>The reason it’s not blocked is that roaming mobile data actually
tunnels back to your home country, and it’s there that you connect to
The Internet. China could do deep packet inspection on this tunnel,
but they don’t.</p>
<p>You’ll have a very high latency to everywhere, since all packets have
to go across the world first, but it’ll work. You could try getting a
roaming mobile data plan in Hong Kong or a nearby country, which
should help.</p>
Thu, 26 Oct 2017 00:00:00 +0000 https://blog.habets.se/2017/10/Internet-in-China.html (tags: network)

Is my TPM affected by the Infineon disaster?

<p>I made <a href="https://github.com/ThomasHabets/simple-tpm-pk11/blob/master/check-srk/check-srk.cc">a
tool</a>
to check if your TPM chip is bad. Well, it extracts the SRK public key
and checks if it’s good or bad. If the SRK is bad then you can bet all
other keys are bad too.</p>
<p>This will also detect the case where the firmware has been fixed, but
you have not yet regenerated the key hierarchy on the TPM.</p>
<p>If the SRK is weak then not only are very likely all other keys you
generated in the TPM weak, but also anything generated <em>outside</em> the
TPM and imported is crackable, since your blobs are encrypted using
this crackable SRK key.</p>
<p>In other words: After upgrading firmware you need to re-take ownership
of the TPM, which will regenerate the SRK.</p>
<p>Example use:</p>
<div class="highlighter-rouge"><pre class="highlight"><code>$ g++ -o check-srk -std=gnu++11 check-srk.cc -ltspi -lssl -lcrypto 2&gt;&amp;1 &amp;&amp; ./check-srk
Size: 2048
Outputting modulus…
8490234823904890234823904823904890238490238490238490238490[…]893428490823904231
--------------
THE KEY IS WEAK!
</code></pre>
</div>
<p>(use <code class="highlighter-rouge">-s</code> if you have an SRK PIN)</p>
<p>Thanks to <a href="https://www.twitter.com/marcan42">marcan</a> for a <a href="https://gist.githubusercontent.com/marcan/fc87aa78085c2b6f979aefc73fdc381f/raw/526bc2f2249a2e3f5d4450c7c412e0dbf57b2288/roca_test.py">much
better checking
script</a>
than the one provided by original authors.</p>
<p>For more info about the Infineon disaster see <a href="https://crocs.fi.muni.cz/public/papers/rsa_ccs17">this relevant
paper</a>.</p>
Tue, 24 Oct 2017 00:00:00 +0000 https://blog.habets.se/2017/10/Is-my-TPM-affected-by-the-Infineon-disaster.html (tags: security, tpm)

Yubikey for SSH after the Infineon disaster

<p>Because of the <a href="https://www.yubico.com/keycheck/">Infineon Disaster of
2017</a> lots of TPM and Yubikey keys
have to be regenerated.</p>
<p>I have <a href="/2016/01/Yubikey-4-for-SSH-with-physical-presence-proof.html">previously
blogged</a>
about how to create these keys inside the yubikey, so here’s just the
short version of how to redo it by generating the key in software and
importing it into the yubikey.</p>
<p>When it appears to stall, that’s when it’s waiting for a touch.</p>
<div class="highlighter-rouge"><pre class="highlight"><code># Generate the new RSA key in software (openssl), not with the Yubikey's
# on-device generator, which is what the Infineon bug affected. Export the public half.
openssl genrsa -out key.pem 2048
openssl rsa -in key.pem -outform PEM -pubout -out public.pem
# Import the private key into PIV slot 9a (authentication), requiring a touch for every use.
yubico-piv-tool -s 9a -a import-key --touch-policy=always -i key.pem
# A PIV slot needs a certificate; a self-signed one with any subject is enough for SSH.
yubico-piv-tool -a verify-pin -a selfsign-certificate -s 9a -S '/CN=my SSH key/' -i public.pem -o cert.pem
yubico-piv-tool -a import-certificate -s 9a -i cert.pem
# The private key now exists only on the Yubikey; remove the software copies
# (on an unencrypted disk, prefer shred over rm for key.pem).
rm key.pem public.pem cert.pem
# Print the public key in OpenSSH format, ready for authorized_keys.
ssh-keygen -D /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -e
</code></pre>
</div>
<p>Delete all mentions of previous key. It’s good to have a disaster plan
ahead of time if keys need to be replaced, but if you don’t have one:</p>
<ol>
<li>Inventory all bad keys. Make sure you have their fingerprints.</li>
<li>Inventory all places this key could be installed.</li>
<li>Generate new keys.</li>
<li>Distribute new keys. (in this case, add to all relevant <code class="highlighter-rouge">~/.ssh/authorized_keys</code>)</li>
<li>Remove all old keys.</li>
<li>Grep for the keys found in step 1.</li>
<li>Try to log in with old key.</li>
</ol>
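<p>Step 1, the inventory, is the step people skip because “have their fingerprints” is not enough: you need to know which of the RSA keys in all those <code class="highlighter-rouge">authorized_keys</code> files actually came from the broken Infineon generator. The added example below (it is neither the <code class="highlighter-rouge">check-srk</code> tool from the previous post nor marcan’s script) serves both that post’s SRK check and this step: it implements the published ROCA fingerprint test on an RSA modulus, parses one-line OpenSSH public keys, and scans an <code class="highlighter-rouge">authorized_keys</code>-style text, reporting each RSA key as weak or not. The fingerprint works because an affected modulus has the form N = k·M + (65537^a mod M) for a product M of small primes, so N mod p must be a power of 65537 mod p for every small prime p; a normal key fails that test almost immediately. The <code class="highlighter-rouge">roca_like_modulus</code> value is a constructed test input with that structure, not a real key, and the function and file names are assumptions. Standard library only.</p>

```python
"""Added example; neither the post's check-srk tool nor marcan's script.
The ROCA fingerprint test (CVE-2017-15361, the "Infineon disaster") for an
RSA modulus, plus a parser for one-line OpenSSH public keys so that
authorized_keys files and `ssh-keygen -D ... -e` output can be scanned.
Standard library only."""
import base64
import struct
import sys

# The published fingerprint: an affected modulus has the form
# N = k*M + (65537^a mod M) with M a product of small primes, so for every
# prime p dividing M the residue N mod p is a power of 65537 mod p. These 38
# primes suffice; a random modulus passes all 38 with negligible probability.
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59,
                61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127,
                131, 137, 139, 149, 151, 157, 163, 167]
GENERATOR = 65537


def _powers_mod(p):
    """The subgroup of (Z/pZ)* generated by 65537."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * GENERATOR % p
    return frozenset(seen)


ALLOWED_RESIDUES = {p: _powers_mod(p) for p in SMALL_PRIMES}


def is_roca_fingerprint(n):
    """True if n has the structure produced by the affected Infineon library."""
    return all(n % p in ALLOWED_RESIDUES[p] for p in SMALL_PRIMES)


# OpenSSH public key blob (RFC 4253 ssh-rsa layout): string "ssh-rsa", mpint e, mpint n.
def _ssh_string(b):
    return struct.pack(">I", len(b)) + b


def _ssh_mpint(x):
    # Big-endian, with a leading zero byte when the top bit would be set.
    return _ssh_string(x.to_bytes((x.bit_length() + 8) // 8, "big"))


def encode_ssh_rsa_line(e, n, comment=""):
    """Build an authorized_keys-style line (used here to construct test input)."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


def parse_ssh_rsa_line(line):
    """Parse 'ssh-rsa <base64> [comment]' into (e, n, comment)."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa key line")
    blob, off = base64.b64decode(fields[1]), 0

    def take():
        nonlocal off
        (length,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        chunk = blob[off:off + length]
        off += length
        return chunk

    if take() != b"ssh-rsa":
        raise ValueError("blob key type is not ssh-rsa")
    e = int.from_bytes(take(), "big")
    n = int.from_bytes(take(), "big")
    return e, n, " ".join(fields[2:])


def scan_key_lines(text):
    """Check every ssh-rsa key in authorized_keys-style text. Leading options
    (command="...", no-pty, ...) are skipped over; non-RSA keys are ignored
    because ROCA only concerns RSA."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#") or "ssh-rsa" not in fields:
            continue
        e, n, comment = parse_ssh_rsa_line(" ".join(fields[fields.index("ssh-rsa"):]))
        results.append({"line": lineno, "bits": n.bit_length(),
                        "comment": comment, "roca": is_roca_fingerprint(n)})
    return results


# Constructed value with the ROCA structure, for demonstration only: it is
# not a real key and not even a product of two primes.
M_38 = 1
for _p in SMALL_PRIMES:
    M_38 *= _p


def roca_like_modulus(a, k):
    return pow(GENERATOR, a, M_38) + k * M_38


if __name__ == "__main__":
    # Usage: python3 roca_scan.py < ~/.ssh/authorized_keys
    for r in scan_key_lines(sys.stdin.read()):
        verdict = "WEAK (ROCA)" if r["roca"] else "ok"
        print("line {line}: {bits}-bit RSA {comment!r}: ".format(**r) + verdict)
```

<p>Feed it the <code class="highlighter-rouge">authorized_keys</code> files you inventoried in step 2, or the public key that <code class="highlighter-rouge">ssh-keygen -D … -e</code> printed above. The same <code class="highlighter-rouge">is_roca_fingerprint()</code> applies to any RSA modulus, so a TPM SRK or an X.509 certificate’s key can be checked once you have its modulus as an integer.</p>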
<p>You could do 4 and 5 in one go, replacing key XXXXX with YYYYY (pick
something large enough from the key to be unique) with something like:</p>
<div class="highlighter-rouge"><pre class="highlight"><code># OLD/NEW: substrings of the old and new public keys, long enough to be
# unique. Avoid '/' in them (it is the sed delimiter below); '+' and '=' are fine.
OLD=XXXXXX
NEW=YYYYYY
NEW_URL=https://www.example.com/ssh-key.pub
for host in $(cat hosts); do
echo -------------
echo $host
# $OLD, $NEW and $NEW_URL are expanded locally, before the command is sent.
ssh $host "
set -e
cd .ssh
(grep -q $OLD authorized_keys &amp;&amp; echo FIXING: old key there || echo OK: old key not there)
sed -i '/$OLD/d' authorized_keys
# curl -f: on an HTTP error, fail instead of appending the error page to authorized_keys.
(grep -q $NEW authorized_keys &amp;&amp; echo OK: new key already there || curl -sf $NEW_URL &gt;&gt; authorized_keys)
" || echo FAILED: could not log in
done
</code></pre>
</div>
<p>Be prepared to touch the yubikey a lot.</p>
<p><a href="https://sourceforge.net/p/trousers/mailman/trousers-users/thread/CA%2BkHd%2BdiwaDG0Oj20pioejk62yZhqD-EZ_Uhp7zBSS4WTgesWg%40mail.gmail.com/#msg36085699">PS</a></p>
Sun, 22 Oct 2017 00:00:00 +0000 https://blog.habets.se/2017/10/Yubikey-for-SSH-after-the-infineon-disaster.html (tags: security)

ReFS integrity is not on by default

<p>I really don’t like the trend of filesystem authors to only care about
the integrity of the filesystem’s own metadata by default. How about having
a seat belt for your data integrity <em>by default</em> and letting people turn
it off if they want to compromise correctness for performance?</p>
<p>What I didn’t know is that ReFS integrity is not on by default. Only
metadata integrity.</p>
<p>It’s also not visible or changeable in the UI (which is why I assumed
they’d done the right thing), which is strange to me, this being
Windows. No, you have to drop down into Microsoft’s crappy CLI.</p>
<h1 id="how-to-check-if-its-turned-on">How to check if it’s turned on.</h1>
<h2 id="check-files-in-one-directory">Check files in one directory</h2>
<div class="highlighter-rouge"><pre class="highlight"><code>PS E:\&gt; Get-Item '*' | Get-FileIntegrity

FileName               Enabled Enforced
--------               ------- --------
E:\SomeDirectory       False   True
E:\SomeOtherDirectory  False   True
E:\SomeFile.txt        False   True
[...]
</code></pre>
</div>
<p>Fuck you, Microsoft.</p>
<h2 id="check-recursively">Check recursively</h2>
<p>Of course <code class="highlighter-rouge">Get-Item</code> doesn’t do recursion. Why would it? That would
make sense.</p>
<div class="highlighter-rouge"><pre class="highlight"><code>PS E:\&gt; Get-ChildItem -Recurse 'E:\SomeDirectory' | Get-FileIntegrity

FileName                 Enabled Enforced
--------                 ------- --------
E:\SomeDirectory\foo.txt False   True
[...]
</code></pre>
</div>
<h1 id="how-to-enable-it">How to enable it</h1>
<p><strong>Both commands are needed.</strong> The first command sets the new default
for the root directory, and the second adds checksums to all existing
files and directories.</p>
<div class="highlighter-rouge"><pre class="highlight"><code>PS E:\&gt; Get-Item 'E:\' | Set-FileIntegrity -Enable $True
PS E:\&gt; Get-ChildItem -Recurse 'E:\' | Set-FileIntegrity -Enable $True
</code></pre>
</div>
<p>This will show a lame ASCII progress bar while it’s doing it. I say
lame because this is 2017 and Microsoft managed to create PowerShell
without 1970’s technology like SIGWINCH or equivalent for actually
detecting a window resize. Not just “after the command was started”,
mind you, but also if the window changed size before starting the
command.</p>
<p>Oh, and run this as Administrator, because Microsoft will not only
need that for some files, it’ll actually spit out error messages that
do not contain the filename in question.</p>
<p>This is Microsoft’s “new and awesome” CLI, and it doesn’t do what
CLI’s have done since the 70’s.</p>
<p>Also this can’t set integrity checking on files marked read-only. Why?
Because Microsoft hates you, your data, and your cat.</p>
<h1 id="so-how-do-i-trigger-a-scrub-a-check-of-all-checksums">So how do I trigger a scrub, a check of all checksums?</h1>
<p>Ha ha ha, you can’t. Because Microsoft is retarded. They’re going with
the bullshit “Oh you don’t need to!”, completely ignoring that what I
want to find out is if my physical disks are failing, or have
corrupted data.</p>
<p>I guess I could <code class="highlighter-rouge">tar</code> up the whole filesystem and send the output to
the bitbucket. But oh wait… <code class="highlighter-rouge">tar</code> is not included in Windows so I
need third party tools.</p>
Wed, 30 Aug 2017 00:00:00 +0000
https://blog.habets.se/2017/08/ReFS-integrity-is-not-on-by-default.html
windows, storage, refs

Microwave
<p>Two interesting things I saw when listening to the output from my
microwave:</p>
<ol>
<li>The frequency is not stable. I assume it’s not thermally
controlled.</li>
<li>Probably not a good idea to use WiFi channel 6, being 2.437 GHz ± 11 MHz and all.</li>
</ol>
<h1 id="near-the-microwave">Near the microwave</h1>
<p><img src="/static/2017-06-near-microwave.png" alt="Near the microwave" /></p>
<h1 id="some-rooms-away-from-the-microwave">Some rooms away from the microwave</h1>
<p>Separate measurement some rooms away.</p>
<p><img src="/static/2017-06-far-microwave.png" alt="Further from microwave" /></p>
<h1 id="how-to-generate-the-graphs">How to generate the graphs</h1>
<div class="highlighter-rouge"><pre class="highlight"><code># Edit usrp_spectrum_sense.py so that it prints time.time() instead of datetime.now()
./usrp_spectrum_sense.py --dwell-delay=0.1 -A RX2 -s 8000000 --real-time 2.4e9 2.5e9 &gt; near-microwave.txt
# Edit near-microwave.txt to remove the stupid verbose messages from the top.
cat &gt; microwave.plot &lt;&lt; EOF
set view map
set size ratio .9
set object 1 rect from graph 0, graph 0 to graph 1, graph 1 back
set object 1 rect fc rgb "black" fillstyle solid 1.0
set xlabel 'Time in seconds'
set ylabel 'Frequency'
set zlabel 'dB'
set terminal epslatex color
set output "near-microwave.eps"
splot 'near-microwave.txt' using ($1-1496693552.11):((($5/1000-2400000)/1000)):4 with points pointtype 5 pointsize 3 palette linewidth 30 title 'Signal'
EOF
gnuplot microwave.plot
convert near-microwave.{eps,png}
</code></pre>
</div>
<p>I can’t have GNUPlot output PNG directly because it hangs.</p>
<p>The magic value <code class="highlighter-rouge">1496693552.11</code> is the first timestamp in the file.</p>
Wed, 07 Jun 2017 00:00:00 +0000
https://blog.habets.se/2017/06/Microwave.html
gnuradio

Decoding FSK
<p>Something I’ve been playing with lately is software defined radio with
GNURadio. I’m not good at it yet, but I’ve managed to decode the
signals from a couple of things.</p>
<p>This is my step-by-step for how I decoded data from a boiler
thermostat. I’m not saying it’s the best way, or even a good way. But
it’s what got me there.</p>
<h1 id="find-the-frequency">0. Find the frequency</h1>
<p>Often this is written on the device itself. Other times it’s in the
manual. If not, then more research is needed, such as by trying to
find the manufacturer on <a href="https://www.fcc.gov/">fcc.gov</a> or similar.</p>
<p>In this case it was easy. The manual said “868 MHz”, which is in the
<a href="https://en.wikipedia.org/wiki/Short_Range_Devices#SRD860">SRD860
band</a>.</p>
<h1 id="capture-some-data">1. Capture some data</h1>
<p>When I poked at the controls of the thermostat, saying “please make
the room 25 degrees”, the thermostat must send this data to the
boiler. I could hear the boiler start up and shut down, so something
must be sent between me pressing the buttons and hearing the results.</p>
<p>I started by centering around 868.5 MHz with 1 Msps. The minimum for
the RTL-SDR is 900 ksps, so even if you want to see less than 1 MHz
you need to capture more first and downsample later.</p>
<p>A waterfall showed action around 868.288 MHz, which when slowed down
was obviously 2FSK.
<img src="/static/2017-04-fsk-data.png" alt="2FSK" /></p>
<p>I started a new capture at 868.288 MHz at 1 Msps of both “boiler goes
on” and “boiler goes off”, and saved to file.</p>
<p><img src="/static/2017-04-fsk-01-capture.png" alt="01-capture.grc flowgraph" /></p>
<p><a href="https://raw.githubusercontent.com/ThomasHabets/radiostuff/master/boiler/01-capture.grc">01-capture.grc</a></p>
<h1 id="cut-away-everything-before-and-after-the-burst">2. Cut away everything before and after the burst</h1>
<p>Tweak “skip” and “save” variables (given in seconds) to get a smaller
file that can be played with without needing to wait. Keep a bit of
buffer on both sides though.</p>
<p><img src="/static/2017-04-fsk-02-cut.png" alt="02-cut.grc flowgraph" /></p>
<p><a href="https://raw.githubusercontent.com/ThomasHabets/radiostuff/master/boiler/02-cut.grc">02-cut.grc</a></p>
<h1 id="filter-the-signal">3. Filter the signal</h1>
<p>An easy way to clean up the signal is to squelch away the noise, and
then band pass only the regions where there should be signal.</p>
<p>This is very likely not the best way to get the best range, but it
does make it easy to work with the signal visually. And decoding a
strong signal can be a first step to later tweaking to be able to
receive weaker signals.</p>
<p>All inputs to a Frequency Sink must have the same sample rate, so
compensate for the decimation by repeating the signal.</p>
<p>Because the signal coming out of the band pass filter is no longer at the
original sample rate, this repetition will create lots of aliasing in the graph.
That’s fine. We’ll be working with the decimated sample rate anyway.</p>
<p><img src="/static/2017-04-fsk-03-filter.png" alt="03-filter.grc flowgraph" /></p>
<p><img src="/static/2017-04-fsk-data-03-filter.png" alt="Filtered data" /></p>
<p><a href="https://raw.githubusercontent.com/ThomasHabets/radiostuff/master/boiler/03-filter.grc">03-filter.grc</a></p>
<h1 id="quadrature-demod">4. Quadrature demod</h1>
<p>Quadrature demod is a magic box that turns water into wine, and 2FSK
into floats. The output is essentially “&gt;0 means the higher frequency
was active, &lt;0 means the lower frequency was active”, and the value shows
how much more active that frequency was.</p>
<p><img src="/static/2017-04-fsk-04-quad.png" alt="04-quad.grc flowgraph" /></p>
<p><img src="/static/2017-04-fsk-data-04-quad.png" alt="Demodulated data" /></p>
<p><a href="https://raw.githubusercontent.com/ThomasHabets/radiostuff/master/boiler/04-quad.grc">04-quad.grc</a></p>
<h1 id="moving-average">5. Moving average</h1>
<p>What came out of quadrature demod was a square wave. The input to
clock recovery needs to have peaks, or it won’t be able to center a
bit around that peak. If the peak is flat then it won’t be able to
adjust closer to the center of that peak.</p>
<p>A moving average will do this nicely. The number of samples to average
is the width, in samples, of a peak.</p>
<p>The output is now a very nice and obvious bit pattern.</p>
<p><img src="/static/2017-04-fsk-05-moving.png" alt="05-moving.grc flowgraph" /></p>
<p><img src="/static/2017-04-fsk-data-05-moving-average.png" alt="Moving average" /></p>
<p><a href="https://raw.githubusercontent.com/ThomasHabets/radiostuff/master/boiler/05-moving.grc">05-moving.grc</a></p>
<h1 id="clock-recovery">6. Clock recovery</h1>
<p>Clock recovery takes a stream of data and picks out the “bits”, giving
one output sample per bit. This is much better explained in the
<a href="https://wiki.gnuradio.org/index.php/Guided_Tutorial_PSK_Demodulation#7.6._Recovering_Timing">Guided tutorial PSK
demodulation</a>.</p>
<p>These output bits don’t actually look that good. I found that I get
reliable output in the end, but clock recovery is clearly the weak
part of my project.</p>
<p><img src="/static/2017-04-fsk-06-clock-recovery.png" alt="06-clock-recovery.grc flowgraph" /></p>
<p><img src="/static/2017-04-fsk-data-06-clock-recovery.png" alt="Recovered bits" /></p>
<p><a href="https://raw.githubusercontent.com/ThomasHabets/radiostuff/master/boiler/06-clock-recovery.grc">06-clock-recovery.grc</a></p>
<h1 id="packets-assemble">7. Packets, assemble!</h1>
<p>We now have a stream of bits, surrounded on both sides by
zeroes. Turns out there’s no good standard block to turn this into
packets. There’s “Tagged Stream to PDU”, but it wants the packet
length.</p>
<p>So I had to write my own block. Because this block will be running at
the bit rate of 2400sps and not the original sample rate of 1Msps or
even the post-filter sample rate of 200ksps, I thought it would be
fine to write it in Python. I have another block decoder for OOK
designed to run at higher sample rates, and there the performance
benefits of using C++ really mattered.</p>
<p>The block treats &gt;0 as “one”, &lt;0 as “zero”, and 0 as “end of
packet”. At end of packets it tries to find the packet preamble, and
if found will emit a PDU.</p>
<p>As expected, the packet for “on” and the packet for “off” are static,
and they differ by one bit.</p>
<p><img src="/static/2017-04-fsk-07-sink.png" alt="07-sink.grc flowgraph" /></p>
<p><img src="/static/2017-04-fsk-data-07-sink.png?tmp=tmp2" alt="PDU" /></p>
<p><a href="https://raw.githubusercontent.com/ThomasHabets/radiostuff/master/boiler/07-sink.grc">07-sink.grc</a></p>
<p><a href="https://github.com/ThomasHabets/radiostuff/blob/master/gr-habets/python/pn_decode_bb.py">packet decoder</a></p>
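<p>The chain from step 4 to step 7, as an added example in plain Python that is
not part of the post or of the linked radiostuff repository: a constructed
2FSK burst is run through quadrature demod, a one-symbol moving average, a
simplified clock recovery and the “&gt;0 is one, &lt;0 is zero, 0 is end of
packet” assembler the post describes. The sample rate (24 ksps), deviation,
preamble and the two command bytes are constructed values chosen so the
arithmetic divides evenly; the clock recovery re-aligns on zero crossings
instead of using the Mueller and Müller block the post’s flow graph uses.</p>

```python
"""Toy 2FSK receive chain: quadrature demod -> moving average ->
clock recovery -> preamble-based packet assembly.  Pure Python."""
import cmath
import math

# Constructed parameters (not the post's 200 ksps), chosen so they divide.
SAMPLE_RATE = 24_000
BAUD = 2_400                      # same bit rate as the thermostat in the post
SPS = SAMPLE_RATE // BAUD         # samples per symbol: 10
DEVIATION = 3_000.0               # Hz, tone offset for mark/space
PREAMBLE = [1, 0] * 8             # constructed alternating preamble


def fsk_modulate(bits, sps=SPS, dev=DEVIATION, fs=SAMPLE_RATE, pad=50):
    """Constructed transmitter: +dev for a one, -dev for a zero, with exact
    zeros (what a squelch leaves behind) before and after the burst."""
    out, phase = [0j] * pad, 0.0
    for b in bits:
        step = 2 * math.pi * (dev if b else -dev) / fs
        for _ in range(sps):
            phase += step
            out.append(cmath.exp(1j * phase))
    return out + [0j] * pad


def quadrature_demod(samples, gain=1.0):
    """Step 4: the angle of x[n] * conj(x[n-1]) is the instantaneous frequency.
    Positive for the higher tone, negative for the lower, 0.0 over silence
    (checked explicitly so a signed zero cannot turn into an angle of pi)."""
    out = [0.0]
    for prev, cur in zip(samples, samples[1:]):
        prod = cur * prev.conjugate()
        out.append(gain * cmath.phase(prod) if prod != 0 else 0.0)
    return out


def moving_average(values, width=SPS):
    """Step 5: box filter one symbol wide, so the square wave peaks at symbol
    centres.  sum() over the window keeps silence at exactly 0.0."""
    out, window = [], []
    for v in values:
        window.append(v)
        if len(window) > width:
            window.pop(0)
        out.append(sum(window) / width)
    return out


def clock_recovery(values, sps=SPS, zero_thresh=1e-9):
    """Step 6, simplified: re-align symbol timing on every zero crossing and
    take one sample per symbol half a symbol later.  Silence lasting a whole
    symbol ends the burst and emits a 0.0 marker for the assembler."""
    out, next_sample, last_sign, zero_run = [], None, 0, 0
    for i, v in enumerate(values):
        if abs(v) < zero_thresh:
            zero_run += 1
            if zero_run >= sps and next_sample is not None:
                out.append(0.0)
                next_sample, last_sign = None, 0
            continue
        zero_run = 0
        sign = 1 if v > 0 else -1
        if next_sample is None or sign != last_sign:
            next_sample = i + sps // 2       # burst start or zero crossing
        last_sign = sign
        if i >= next_sample:
            out.append(v)
            next_sample += sps
    return out


def bits_to_bytes(bits):
    """Pack MSB-first; a trailing partial byte is dropped."""
    usable = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, usable, 8))


def assemble_packets(symbols, preamble=PREAMBLE):
    """Step 7, the post's rule: >0 is a one, <0 a zero, 0 is end of packet;
    at end of packet look for the preamble and emit what follows as a PDU."""
    packets, bits = [], []
    for s in symbols:
        if s > 0:
            bits.append(1)
        elif s < 0:
            bits.append(0)
        else:
            for start in range(len(bits) - len(preamble) + 1):
                if bits[start:start + len(preamble)] == preamble:
                    packets.append(bits_to_bytes(bits[start + len(preamble):]))
                    break
            bits = []
    return packets


def decode_burst(payload):
    """Run one constructed burst (preamble + payload bytes) through the chain."""
    bits = PREAMBLE + [int(c) for byte in payload for c in f"{byte:08b}"]
    return assemble_packets(clock_recovery(moving_average(
        quadrature_demod(fsk_modulate(bits)))))


if __name__ == "__main__":
    # Constructed "on" and "off" commands that, like the post's, differ by one bit.
    for cmd in (b"\x5a\x01", b"\x5a\x00"):
        print(cmd.hex(), "->", [p.hex() for p in decode_burst(cmd)])
```

<p>The end-of-burst detection is the part worth studying: a single zero
sample cannot be the marker, because the moving average passes through zero at
every bit transition, so the recovery waits for a whole symbol of silence
before telling the assembler the packet is over.</p>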
<h1 id="ship-it">8. Ship it!</h1>
<p>This is the same as step 7, except capturing data live. The flow graph
is simple and fast enough to run on a <a href="https://en.wikipedia.org/wiki/Raspberry_Pi">Raspberry
Pi</a> 3.</p>
<p><img src="/static/2017-04-fsk-08-live.png" alt="08-live.grc flowgraph" /></p>
<p><a href="https://raw.githubusercontent.com/ThomasHabets/radiostuff/master/boiler/08-live.grc">08-live.grc</a></p>
<h1 id="data-over-time">9. Data over time</h1>
<p>After setting this up to log indefinitely I saw that the thermostat
sends a command to the boiler once every 10 minutes in addition to
when I triggered it with buttons. Presumably if the thermostat dies the
boiler will automatically shut down after missed commands, so these
transmissions every 10 minutes serve as keep-alive.</p>
<p><img src="/static/2017-04-fsk-boiler.png" alt="Boiler status over time" /></p>
Thu, 06 Apr 2017 00:00:00 +0000
https://blog.habets.se/2017/04/Decoding-FSK.html
gnuradio

Killing idle TCP connections
<h1 id="why">Why</h1>
<p>Let’s say you have some TCP connections to your local system that you
want to kill. You could kill the process that handles the connection,
but that may also kill other connections, so that’s not great. You
could also put in a firewall rule that will cause the connection to be
reset. But that won’t work on a connection that’s idle (and even when it
does, only the side that sends the next packet gets the reset; the other
side would not tear down its end of the connection). There’s
<a href="https://en.wikipedia.org/wiki/Tcpkill"><code class="highlighter-rouge">tcpkill</code></a>, but it needs to
sniff the network to find the TCP sequence numbers, and again that
won’t work for an idle connection.</p>
<p>Ideally for these long-running connections TCP keepalive would be
enabled. But sometimes it’s not. (e.g. it’s not on by default for gRPC
TCP connections, and they certainly can be long-running and idle).</p>
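<p>Turning keepalive on from the application side is the defensive
counterpart to the kernel-debugger procedure below. The following is an added
example, not code from the post: it enables <code class="highlighter-rouge">SO_KEEPALIVE</code>
on a Python socket and tunes the three Linux knobs, looking the option names
up at runtime because macOS spells the idle timer
<code class="highlighter-rouge">TCP_KEEPALIVE</code>. The 60 s / 10 s / 3 probes values are
illustrative, not recommendations from the post.</p>

```python
"""Enable and tune TCP keepalive on a socket, so an idle connection whose
peer has vanished is eventually torn down by the kernel."""
import socket


def enable_keepalive(sock, idle=60, interval=10, count=3):
    """idle: seconds of silence before the first probe; interval: seconds
    between probes; count: unanswered probes before the kernel drops the
    connection.  Returns the values read back from the socket, so a platform
    lacking one of the TCP-level options is visible to the caller."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Linux: TCP_KEEPIDLE / TCP_KEEPINTVL / TCP_KEEPCNT.  macOS calls the
    # idle timer TCP_KEEPALIVE.  Skip whatever this platform does not expose.
    options = {
        "idle": (getattr(socket, "TCP_KEEPIDLE", None)
                 or getattr(socket, "TCP_KEEPALIVE", None), idle),
        "interval": (getattr(socket, "TCP_KEEPINTVL", None), interval),
        "count": (getattr(socket, "TCP_KEEPCNT", None), count),
    }
    applied = {"keepalive": sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)}
    for name, (opt, value) in options.items():
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)
            applied[name] = sock.getsockopt(socket.IPPROTO_TCP, opt)
    return applied


def worst_case_detection_seconds(idle, interval, count):
    """How long a dead peer can go unnoticed: the idle timer, then one
    interval per probe until the last one goes unanswered."""
    return idle + interval * count


def keepalive_demo():
    """Apply the settings to a fresh, unconnected TCP socket and return them."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        return enable_keepalive(sock, idle=60, interval=10, count=3)
    finally:
        sock.close()


if __name__ == "__main__":
    print(keepalive_demo())
    print("dead peer noticed within", worst_case_detection_seconds(60, 10, 3), "s")
```

<p>The system-wide <code class="highlighter-rouge">net.ipv4.tcp_keepalive_*</code>
sysctls only supply defaults for sockets that have
<code class="highlighter-rouge">SO_KEEPALIVE</code> set; a daemon that never sets it,
which is the gRPC situation the post mentions, gets no keepalive at all no
matter how the sysctls are tuned.</p>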
<p>You could also do this by attaching a debugger and calling
<code class="highlighter-rouge">shutdown(2)</code> on the sockets, but having the daemon calling unexpected
syscalls thus getting into an unexpected state doesn’t really make for
a stable system. Also attaching a debugger hangs the daemon while
you’re attached to it.</p>
<p>This post documents how to do this on a Debian system.</p>
<h1 id="no-really-why">No, really. Why?</h1>
<p>If a client connects to a dual-stack hostname it’ll (usually, see
<a href="https://www.ietf.org/rfc/rfc3484.txt">RFC3484</a>) first try IPv6, and
then IPv4 if that fails.</p>
<p>If a server comes up after the client tries IPv6 then it’ll fall back
to IPv4, even though IPv6 would have worked at that time too.</p>
<p>I want to kick the IPv4 clients over to IPv6, since restarting the
server (or even rebooting the server) doesn’t change anything about
the race, and I don’t want to restart the clients because they’re
doing long-running compute work that I don’t want to lose state on.</p>
<p>With IPv6 I can differentiate hosts behind NAT, for example.</p>
<h1 id="how">How</h1>
<h2 id="download-debug-kernel-package-for-the-kernel-youre-running">1. Download debug kernel package for the kernel you’re running</h2>
<p>Take the date from <code class="highlighter-rouge">uname -a</code> and add a week or so, and open the
Debian archive for that day. E.g.
<a href="http://snapshot.debian.org/archive/debian/2017031500T000000Z/pool/main/l/linux/">http://snapshot.debian.org/archive/debian/2017031500T000000Z/pool/main/l/linux/</a>.</p>
<p>Download the <code class="highlighter-rouge">-dbg</code> version of the kernel you’re running. E.g.:</p>
<div class="highlighter-rouge"><pre class="highlight"><code>linux-image-3.16.0-4-amd64-dbg_3.16.39-1+deb8u2_amd64.deb 351181890 2017-03-10 03:37:13
</code></pre>
</div>
<h2 id="unpack-the-deb">2. Unpack the .deb</h2>
<div class="highlighter-rouge"><pre class="highlight"><code>mkdir tmpkernel
cd tmpkernel
dpkg -x ../linux-image….deb .
cp ./usr/lib/debug/lib/modules/*/vmlinux .
</code></pre>
</div>
<h2 id="find-the-address-of-the-skbuf">3. Find the address of the skbuf</h2>
<div class="highlighter-rouge"><pre class="highlight"><code>$ ss -e -t dst 10.0.64.123
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 ::ffff:192.0.2.1:22 ::ffff:10.0.64.123:30201 uid:1003 ino:68386802 sk:ffff88000caa2800 &lt;-&gt;
</code></pre>
</div>
<h2 id="start-kernel-debugger">4. Start kernel debugger</h2>
<div class="highlighter-rouge"><pre class="highlight"><code>sudo apt-get install crash
sudo crash -e emacs ./vmlinux
</code></pre>
</div>
<h2 id="print-the-sequence-numbers">5. Print the sequence numbers</h2>
<div class="highlighter-rouge"><pre class="highlight"><code>crash&gt; struct tcp_sock.rcv_nxt,snd_una ffff88000caa2800
rcv_nxt = 2691239595
snd_una = 3825672049
</code></pre>
</div>
<h2 id="kill-both-sides-of-the-connection">6. Kill both sides of the connection</h2>
<div class="highlighter-rouge"><pre class="highlight"><code>hping3 -s 22 -c 1 -M 3825672049 -L 2691239595 -F -A -p 30201 10.0.64.123
hping3 -s 30201 -c 1 -L 2691239595 -M 3825672049 -F -A -p 22 -a 10.0.64.123 192.0.2.1
</code></pre>
</div>
<h2 id="verify-that-connection-is-closed">7. Verify that connection is closed</h2>
<div class="highlighter-rouge"><pre class="highlight"><code>netstat -napW | grep 10.0.64.123
</code></pre>
</div>
<p>If possible you may want to check the remote end too. But if it’s the
client that will eventually send traffic then it’ll be cleanly
disconnected at that point.</p>
Wed, 15 Mar 2017 00:00:00 +0000
https://blog.habets.se/2017/03/Killing-idle-TCP.html
network, linux

Windows SSH client with TPM
<p>I managed to get an SSH client working using an SSH pubkey protected by a TPM.</p>
<h2 id="optional-take-ownership-of-the-tpm-chip">Optional: Take ownership of the TPM chip</h2>
<p>This is not needed, since TPM operations only need the well-known SRK PIN,
not the owner PIN, to do useful stuff. I only document it here in case
you want to do it. Microsoft recommends against it.</p>
<ol>
<li>
<p>Set <code class="highlighter-rouge">OSManagedAuthLevel</code> to 4
<code class="highlighter-rouge">HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TPM\OSManagedAuthLevel</code> 2 -&gt; 4</p>
<p>Reboot.</p>
</li>
<li>
<p>Clear TPM</p>
<p>Run <code class="highlighter-rouge">tpm.msc</code> and choose “Clear TPM”. The machine will reboot
and ask you to press F12 or something for physical proof of
presence to clear it.</p>
</li>
<li>
<p>Set owner password from within <code class="highlighter-rouge">tpm.msc</code></p>
</li>
</ol>
<h2 id="set-up-tpm-for-ssh">Set up TPM for SSH</h2>
<ol>
<li>
<p>Create key</p>
<div class="highlighter-rouge"><pre class="highlight"><code>tpmvscmgr.exe create /name "myhostnamehere VSC" /pin prompt /adminkey random /generate
</code></pre>
</div>
<p>PIN must be at least 8 characters.</p>
</li>
<li>
<p>Create CSR</p>
<p>Create a new text file <code class="highlighter-rouge">req.inf</code>:</p>
<div class="highlighter-rouge"><pre class="highlight"><code>[NewRequest]
Subject = "CN=myhostnamehere"
Keylength = 2048
Exportable = FALSE
UserProtected = TRUE
MachineKeySet = FALSE
ProviderName = "Microsoft Base Smart Card Crypto Provider"
ProviderType = 1
RequestType = PKCS10
KeyUsage = 0x80
</code></pre>
</div>
<div class="highlighter-rouge"><pre class="highlight"><code>certreq -new -f req.inf myhostname.csr
</code></pre>
</div>
<p>If you get any errors, just reboot and try again with the command that failed.</p>
</li>
<li>
<p>Get the CSR signed by any CA at all</p>
<p>We just need it to be a certificate so that Windows will install it.</p>
<p>This should work (on a Linux system) by creating a dummy CA and
using it to sign:</p>
<div class="highlighter-rouge"><pre class="highlight"><code>yes '' | openssl req -x509 -newkey rsa:2048 -keyout ca.pem -nodes -out ca.pem -days 3650;echo
openssl x509 -req -days 3650 -in myhostname.csr -out myhostname.crt -CA ca.pem -CAkey ca.pem -CAcreateserial
</code></pre>
</div>
</li>
<li>
<p>Double-click on the resulting <code class="highlighter-rouge">.crt</code> file</p>
<p>Click the “Install Certificate…” button and go through the motions.</p>
</li>
<li>
<p>Extract the public key in SSH format.</p>
<div class="highlighter-rouge"><pre class="highlight"><code>$ openssl req -in myhostname.csr -pubkey -noout &gt; pub.txt
$ ssh-keygen -i -m PKCS8 -f pub.txt
ssh-rsa AAAAB3Nzaxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
</code></pre>
</div>
<p>This should give you the public key in SSH format. Just put that in
<code class="highlighter-rouge">~/.ssh/authorized_keys</code>, and probably add something descriptive at the end.</p>
</li>
<li>
<p>Log in with PuttyWinCrypt</p>
<p>You can’t use normal Putty;
<a href="https://sourceforge.net/projects/puttywincrypt/">PuttyWinCrypt</a>
adds the required support for smart cards and Windows crypto.</p>
<p>Under “Connection &gt; SSH &gt; Auth” you need to set “Private key file
for authentication” to <code class="highlighter-rouge">cert://*</code>.</p>
</li>
</ol>
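<p>Step 5 leaves the conversion to <code class="highlighter-rouge">ssh-keygen -i -m PKCS8</code>,
and the links below point at alternative converters. As an added example that
is not from the post or the linked tools, this does the same job by hand for
an RSA key and parses the result back, so you can see what an
<code class="highlighter-rouge">authorized_keys</code> line actually contains: the
string <code class="highlighter-rouge">ssh-rsa</code>, then the exponent and modulus
as RFC 4251 mpints. It assumes the modulus and exponent are already known
(for instance from <code class="highlighter-rouge">openssl rsa -pubin -in pub.txt -text -noout</code>);
<code class="highlighter-rouge">DEMO_N</code> is a constructed number with the top
bit set, not a real modulus.</p>

```python
"""Build and parse OpenSSH authorized_keys lines for RSA public keys."""
import base64
import struct

DEMO_N = (1 << 2047) | 0x10001     # constructed 2048-bit value, top bit set
DEMO_E = 65537


def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string' (RFC 4251): 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(n: int) -> bytes:
    """SSH 'mpint': big-endian two's complement.  A leading 0x00 is required
    when the top bit is set, otherwise the value reads as negative; this is
    the detail hand-rolled converters most often get wrong."""
    if n == 0:
        return ssh_string(b"")
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)


def rsa_to_authorized_key(n: int, e: int, comment: str = "") -> str:
    """'ssh-rsa <base64(string "ssh-rsa" || mpint e || mpint n)> [comment]'."""
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)
    line = "ssh-rsa " + base64.b64encode(blob).decode("ascii")
    return f"{line} {comment}" if comment else line


def parse_authorized_key(line: str):
    """Inverse of the above.  Returns (n, e, comment); raises ValueError on a
    malformed line rather than silently accepting junk."""
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa line")
    blob = base64.b64decode(parts[1], validate=True)
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + length > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos:pos + length])
        pos += length
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("unexpected blob layout")
    # Reject padding bytes that are not needed: a non-minimal mpint.
    for f in fields[1:]:
        if len(f) > 1 and f[0] == 0 and not f[1] & 0x80:
            raise ValueError("non-minimal mpint encoding")
    e = int.from_bytes(fields[1], "big")
    n = int.from_bytes(fields[2], "big")
    return n, e, parts[2] if len(parts) == 3 else ""


if __name__ == "__main__":
    line = rsa_to_authorized_key(DEMO_N, DEMO_E, "tpm-vsc")
    print(line[:60] + "...")
    print(parse_authorized_key(line)[1])
```

<p>Every RSA key with the usual exponent 65537 starts with
<code class="highlighter-rouge">ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB</code>, which is why
the post’s sample output begins with <code class="highlighter-rouge">AAAAB3Nza</code>:
those characters are just the encoded type string and exponent, and the
key-specific material only starts after them.</p>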
<h2 id="links">Links</h2>
<ul>
<li><a href="https://technet.microsoft.com/en-us/itpro/windows/keep-secure/change-the-tpm-owner-password">Microsoft: Change the TPM owner
password</a>. They
recommend you don’t.</li>
<li><a href="https://www.idrix.fr/Root/Samples/pubkey2ssh.c">Code to convert PEM pub -&gt;
SSH</a>. Alternative
method.</li>
<li><a href="http://www.zensolutions.co.nz/dev/ssh">Online tool to convert PEM pub -&gt;
SSH</a>. Another alternative
method.</li>
<li><a href="http://qistoph.blogspot.co.uk/2015/12/tpm-authentication-in-openvpn-and-putty.html">TPM authentication in OpenVPN and PuTTY
SSH</a></li>
</ul>
Mon, 17 Oct 2016 00:00:00 +0000
https://blog.habets.se/2016/10/Windows-SSH-client-with-TPM.html
tpm, security, hsm, windows